No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
Researching Cybersecurity Governance: Insights from Fieldwork with Cybersecurity Experts and End-Users
Abstract
The field of cybersecurity governance research strives to understand, rationalize, and propose effective solutions for the complex task of safeguarding cyberspace as a secure environment. Concurrently, social research focuses on comprehending the institutions, policies, and behaviours that foster a safer online realm. This type of inquiry often relies on the expertise of professionals or involves research conducted directly with end-users. However, conducting fieldwork with these specific groups presents unique challenges pertaining to the subject matter. In this chapter, we aim to share our first-hand experiences of conducting fieldwork in cybersecurity, engaging with both experts and end-users. Our experiences stem from three distinct projects centred around governance, culture, and cybersecurity training. Throughout this chapter, we delve into the logistical, ethical, and emotional challenges we encountered along the research journey, highlighting the successes and missteps we encountered. By sharing our experiences and lessons learned, we contribute to the ongoing discourse in this field and offer valuable insights for future research endeavours.
Este estudio es una investigación cualitativa documental que analiza la gobernanza de TI, la ciberseguridad y la gestión de riesgos en las Pymes mineras en América Latina, basándose en informes especializados. Se destaca que las empresas mineras de la región en específico de Colombia que han pasado a ser un blanco atractivo para los ciberdelincuentes, enfrentándose a amenazas como el ransomware, ataques dirigidos y el robo de información confidencial, lo que compromete sus operaciones, reputación y finanzas. En este contexto, la gobernanza de TI es fundamental, y estándares como ISO 38500, COBIT 2019 e ISO 27001 proporcionan marcos sólidos para gestionar riesgos cibernéticos y asegurar la alineación de la tecnología con los objetivos empresariales, asegurando la confidencialidad, integridad y disponibilidad de los datos. Asimismo, se enfatiza la relevancia de la cooperación entre las empresas del sector y las entidades gubernamentales para intercambiar información y reforzar la defensa conjunta. Las tendencias futuras apuntan a ciberataques más sofisticados, incluyendo el uso de inteligencia artificial, ataques a la cadena de suministro y la proliferación de dispositivos IoT como amenazas emergentes. Palabras clave: Ciberseguridad, Gestión de riesgos, Gobernanza de TI, Pymes mineras
Mantener seguro el ciberespacio es una tarea compleja que supone un reto constante para las instituciones públicas. A la primera oleada de desinterés político por la ciberseguridad le ha seguido una renovada preocupación por la soberanía digital, la defensa de la ciberseguridad nacional y, más recientemente, la protección de la ciudadanía en el ciberespacio. Para cumplir estos objetivos, los Estados han desarrollado normativas, instituciones y prácticas basadas en diferentes narrativas. Este estudio analiza las instituciones involucradas en la gobernanza de la ciberseguridad en España a través de cuatro prácticas: cultura de ciberseguridad, respuesta a ciber incidentes y ciber crisis, protección de infrastructuras críticas e investigación criminal. El artículo aporta evidencias coincidentes con la conclusión de que España ha adoptado la narrativa de la gobernanza multi-stakeholder a través de competencias distribuidas entre diferentes actores. Este enfoque se ha materializado en fragmentación institucional y a la falta de claridad sobre el sistema de ciberseguridad en España. El artículo finaliza con propuestas de políticas públicas que podrían contribuir a una mayor unidad, coordinación y claridad del sistema de gobernanza de la ciberseguridad.
This paper empirically explores the contribution and collaborative networks of public and private actors to cybersecurity provision in Spain. The article draws on data from three sources: policy and legal documents, a Delphi study with cybersecurity experts, and 34 interviews. Rooted in the theoretical underpinnings of nodal governance and anchored pluralism, the paper argues that the position of actors and public-private collaboration dynamics involved in cybersecurity governance can be understood through the analysis of capital exchange. Therefore, the study provides a list of the most relevant nodes for cybersecurity in Spain, assesses the capital they possess and how they exchange it through collaborative networks and explores the characteristics and barriers of these collaborative relationships. Analyses reveal that public organisations hold a preeminent position in cybersecurity governance despite large technology corporations’ greater economic and cultural capital. Remarkably, the paper identifies the central position of new public bodies in the network of cybersecurity nodes. Moreover, cultural barriers that are hindering public-private collaboration in Spain are identified. These results indicate that, despite the state’s difficulties in providing public solutions to cybersecurity challenges, Spain is an example of how governance can be anchored in public bodies through symbolic and social capital.
Information security has for long time been a field of study in computer science, software engineering, and information communications technology. The term ‘information security’ has recently been replaced with the more generic term cybersecurity. The goal of this paper is to show that, in addition to computer science studies, behavioural sciences focused on user behaviour can provide key techniques to help increase cyber security and mitigate the impact of attackers’ social engineering and cognitive hacking methods (i.e., spreading false information). Accordingly, in this paper, we identify current research on psychological traits and individual differences among computer system users that explain vulnerabilities to cyber security attacks and crimes. Our review shows that computer system users possess different cognitive capabilities which determine their ability to counter information security threats. We identify gaps in the existing research and provide possible psychological methods to help computer system users comply with security policies and thus increase network and information security.
Private organizations suffer great losses due to cybersecurity incidents, and they invest increasing resources to prevent attacks, but little is known about the effectiveness of cybersecurity measures for prevention. Based on the framework of Routine Activity Theory, this paper analyzes the impact of companies' online activities and cybersecurity measures on victimization. Our analysis of the UK Cybersecurity Breaches Survey shows that the most promising ways to minimize cyber-attacks and their impacts is to invest in in-house cybersecurity human resources and enhance the employees' online self-protection by providing cybersecurity training, rather than just basic software protection and guidance about strong passwords.
In general, people are poorly protected against cyberthreats, with the main reason being user behaviour. For the study described in this paper, a questionnaire was developed in order to understand how people's knowledge of and attitude towards both cyberthreats and cyber security controls affect intention to adopt cybersecure behaviour. The study divides attitude into a cog-nitive and an affective component. Although only the cognitive component of attitude is usually studied, the results from a questionnaire of 300 respondents show that both the affective and cognitive components of attitude have a clearly positive, albeit varying, influence on behavioural intention, with the affective component having an even greater effect on attitude than the cog-nitive aspect. No correlation was found between knowledge and behavioural intention. The results indicate that attitude is an important factor to include when developing behavioural interventions, but also that different kinds of attitude should be addressed differently in interventions.
Digitalization necessarily leads organizations to rethink their cybersecurity principles in order to counter
all the risks inherent in cybercrime. Cybersecurity governance brings together all the essential elements of
cyber defense and effective risk management. Without such governance, dangerous gaps persist, and assets
are inevitably compromised. Given the critical decisions that need to be made in an ever-changing cyber
threat environment, cybersecurity standards are a critical way for companies to ensure that their security
strategy and policies are consistently and measurably implemented. The aim of this paper is to propose a
capability maturity framework to assess and improve cybersecurity governance in organizations. The
finding will help organizations to evaluate their cybersecurity governance capabilities.
The COVID-19 outbreak and the far-reaching lockdown measures are having direct and indirect effects on complex social domains, including opportunities for crime offline and online. This paper presents preliminary analyses about the short-term effect of COVID-19 and lockdown measures on cyber-dependent crime and online fraud in the UK. Time series analyses from data about crimes known to police between May 2019 and May 2020 are used to explore the extent to which cybercrime has been affected by the COVID-19 outbreak. More specifically, we examine whether cybercrime has suffered an increase during the months with the strictest lockdown restrictions, as an effect of the displacement of crime opportunities from physical to online environments. Results indicate that reports of cybercrime have increased during the COVID-19 outbreak, and these were remarkably large during the two months with the strictest lockdown policies and measures. In particular, the number of frauds associated with online shopping and auctions, and the hacking of social media and email, which are the two most common cybercrime categories in the UK, have seen the largest increases in the number of incidents. The increase in cyber-dependent crimes has mainly been experienced by individual victims rather than organisations.
As a White cis female researcher, I am often asked about my capacity to conduct meaningful, credible, and safe research with men. Questions often center on my experiences in men’s spaces, ability to understand or represent men’s experiences, and safety protocols to mitigate against looming threats of male-perpetrated violence. I am curious about how my gender continues to be a point of contention in my role as a qualitative researcher. In this meta-analysis and commentary article, I explore my experiences in relation to other female researchers who study men and who have published articles reflecting on gender norms in research practice. With examples taken from the contexts of fieldwork, qualitative interviews, and presentation of findings, this article illustrates the nuanced and often invisible power and gender dynamics that inform how methodological decisions are made, what is found or synthesized from qualitative data, and how problematic social norms are reinforced. I argue that, within the context of research about men and masculinities, researchers must be responsible for reflecting on and confronting gender norms as a part of their intersectional experiences of privilege and oppression. Specifically, researchers can use reflexive practice and field journaling to better understand how gender norms and uneven power dynamics are introduced to, co-constructed within, and generated from qualitative studies. These reflections and concerted efforts to confront broader social injustices imbedded in research practices are necessary for researchers to produce sound data and promote reciprocal research benefits. Without such efforts, researchers may reinforce the same structures of power and stereotypical gender norms that they aim to disrupt in their scholarship.
Objectives
The Delphi method is commonly used to achieve consensus in core outcome set (COS) development. It is important to try to maximize response rates to Delphi studies and minimize attrition rates and potential for bias. The factors that impact response rates in a Delphi study used for COS development are unknown. The objective of this study was to explore the impact of design characteristics on response rates in Delphi surveys within COS development.
Methods
Published and ongoing studies that included Delphi to develop a COS were eligible. Second round voting response rates were analyzed, and multilevel linear regression was conducted to investigate whether design characteristics were associated with the response rate.
Results
Thirty-one studies were included. Two characteristics were significantly associated with a lower response rate: larger panels and studies with more items included.
Conclusion
COS developers should pay attention to methods when designing a COS development study; in particular, the size of the panels and the size of the list of outcomes. We identified other potential design characteristics that might influence response rates but were unable to explore them in this analysis. These should be reported in future reports to allow for further investigation.
The aim was to describe the criteria for construction, validation of content, and appearance of a questionnaire for the identification of violence in affective relationships in adolescence. Transverse methodological study, with a quantitative approach, conducted in the period between June and November 2017, with the construction of a questionnaire and validation of the content and appearance, by means of a Delphi survey with 20 experts on the area of violence and adolescence. To evaluate the clarity and pertinence of the items of the questionnaire, a pilot test was conducted with 76 adolescents, and analysis of the validity of content and reliability of the items by means of Content Validity Index (CVI), the Interrater Agreement (IRA), and the Cronbach alpha. The data were analyzed and processed by means of the Excel and Stata, version 14.0, programs. The indexes calculated in the first round of Delphi provided the following results: CVI = 0.93 and IRA = 0.93, showing evidence of the validity and reliability of the construct content, and in the second round, the questionnaire yielded a percentage of 100% agreement among the professionals and researchers. Verification of the internal consistency presented a mean value of 0.803, calculated by means of the Cronbach alpha. The questionnaire has validity of content and appearance in accordance with the proposed objective, bearing in mind that the indexes of faithfulness and agreement and the Cronbach alpha attained values above those of the established pattern of 80%.
Objective
To establish global research priorities for interpersonal violence prevention using a systematic approach.
Methods
Research priorities were identified in a three-round process involving two surveys. In round 1, 95 global experts in violence prevention proposed research questions to be ranked in round 2. Questions were collated and organized according to the four-step public health approach to violence prevention. In round 2, 280 international experts ranked the importance of research in the four steps, and the various substeps, of the public health approach. In round 3, 131 international experts ranked the importance of detailed research questions on the public health step awarded the highest priority in round 2.
Findings
In round 2, “developing, implementing and evaluating interventions” was the step of the public health approach awarded the highest priority for four of the six types of violence considered (i.e. child maltreatment, intimate partner violence, armed violence and sexual violence) but not for youth violence or elder abuse. In contrast, “scaling up interventions and evaluating their cost–effectiveness” was ranked lowest for all types of violence. In round 3, research into “developing, implementing and evaluating interventions” that addressed parenting or laws to regulate the use of firearms was awarded the highest priority. The key limitations of the study were response and attrition rates among survey respondents. However, these rates were in line with similar priority-setting exercises.
Conclusion
These findings suggest it is premature to scale up violence prevention interventions. Developing and evaluating smaller-scale interventions should be the funding priority.
Research dealing with various aspects of* the theory of planned behavior (Ajzen, 1985,
1987) is reviewed, and some unresolved issues are discussed. In broad terms, the theory is
found to be well supported by empirical evidence. Intentions to perform behaviors of different
kinds can be predicted with high accuracy from attitudes toward the behavior, subjective
norms, and perceived behavioral control; and these intentions, together with perceptions of
behavioral control, account for considerable variance in actual behavior. Attitudes, subjective
norms, and perceived behavioral control are shown to be related to appropriate sets of salient
behavioral, normative, and control beliefs about the behavior, but the exact nature of these
relations is still uncertain. Expectancy value formulations are found to be only partly
successful in dealing with these relations. Optimal rescaling of expectancy and value
measures is offered as a means of dealing with measurement limitations. Finally, inclusion of
past behavior in the prediction equation is shown to provide a means of testing the theory*s
sufficiency, another issue that remains unresolved. The limited available evidence concerning
this question shows that the theory is predicting behavior quite well in comparison to the
ceiling imposed by behavioral reliability.
Over the past decade, focus groups and group interviews have reemerged as a popular technique for gathering qualitative data, both among sociologists and across a wide range of academic and applied research areas. Focus groups are currently used as both a self-contained method and in combination with surveys and other research methods, most notably individual, in-depth interviews. Comparisons between focus groups and both surveys and individual interviews help to show the specific advantages and disadvantages of group interviews, concentrating on the role of the group in producing interaction and the role of the moderator in guiding this interaction. The advantages of focus groups can be maximized through careful attention to research design issues at both the project and the group level. Important future directions include: the development of standards for reporting focus group research, more methodological research on focus groups, more attention to data analysis issues, and more engagement with the con...
While there has been some anecdotal discussion that hints at what motivates people to engage with qualitative research, little research has systematically explored the role of research engagement for those who choose to participate: Why do people engage with qualitative research? Using interview data collected from experienced researchers (n=13), this article seeks to systematically explore this issue by examining how researchers understand the mechanisms that motivate and facilitate research engagement. At an individual level, the supporting mechanisms identified include: subjective interest, enjoyment, curiosity, introspective interest, social comparison, therapeutic interest, material interest and economic interest. At a collective level, however, the mechanisms identified by researchers include: representation, political empowerment, and informing ‘change’. It is argued that a greater appreciation of these supporting mechanisms is likely to be crucial in examining how the research process is shaped by the motivations of those who engage, as well as helping to maintain current levels of research engagement through the development of more positive research relationships.
Using the literature on the networked society as a starting point, this article argues that security can also be conceptualized as being produced by various networks of actors—public and private. This approach eschews the usual debate between those who defend the pre‐eminence of the state (general interest) and those in favour of a plural mode of security production (market‐oriented) to focus instead on the shared complex morphology that characterizes security assemblages in the present era: networks. Security networks are found in both Anglo‐Saxon and Continental societies at the local, institutional, international and informational levels. In order to overcome the descriptive tendency of network approaches, a dynamic framework based on the capital metaphor shows how each actor of a security network mobilizes distinct forms of resources in order to maximize its position in the network. This framework can be applied to chart the emergence and transformation of security networks and the strategies deployed by their nodes.
This study employed the theory of planned behaviour to investigate the factors underlying intentions to use (time 1, N = 471), and self reported use of alcohol and tobacco (time 2, N = 141) over a 6 month period in a population of students. The TPB provided good predictions of both intentions (alcohol: R = 0.167; attitude, and perceived behavioural control (PBC) significant; tobacco: R = 0.137, PBC significant) and self reported behaviour (alcohol: R = 0.289; tobacco: R = 0.423; intentions and PBC significant for both). Descriptive norms but not moral norms explained additional variance in intentions. Implications for furthering our understanding of these behaviours are discussed.
This paper addresses some strategies for conducting elite interviews. It draws upon material from a significant number of interviews that the author has conducted with this group in a variety of economic sectors and countries, as well as from the social sciences literature on elites. The aim of the paper is to provide insights into the particularities of interviewing elites for those new to researching this group. In particular, it focuses on gaining trust and gauging the tone of the interview, how to present oneself during the interview, asking open and closed questions, the appropriate length of an interview, whether to record the conversation, coping with difficult scenarios, asking awkward questions, managing respondents who do not answer the question, keeping respondents interested in the interview and finally gaining feedback from respondents.
Insider threats represent a latent risk to all organizations, whether they are large companies or SMEs. Insiders, the individuals with privileged access to the assets of organizations, can compromise their proper functioning and cause serious consequences that can be direct—such as financial—or indirect—such as reputational. Insider incidents can have a negative impact on SMEs, as their resources are often limited, making it paramount to implement adequate cyber security measures. Despite its indisputable relevance, the empirical study of insider incidents from a criminological point of view has received little attention. This paper presents the results of an exploratory study that aims to understand the nature and extent of three type of insider incidents—malicious, negligent, and well-meaning—and how they are related to the adoption of cyber security measures. To that end, we administered a questionnaire among a panel of 496 Dutch SME entrepreneurs and managers and analyzed the results quantitatively and qualitatively. The results show that although the prevalence of insider incidents is relatively low among Dutch SMEs, few organizations report a disproportionate number of incidents that often entail serious consequences. A regression model shows that there are cyber security measures related to both higher and lower incident likelihood. The implications of these findings for the cyber security policies of SMEs are discussed.
The behavioral aspect of cybersecurity has gained more attention in recent years. By their actions, people can improve the security of their devices and organizations, but also hinder the successful implementation of security in these areas. As awareness campaigns where information is merely distributed are not effective, we designed a cybersecurity serious game applicable for cybersecurity training. The effectiveness of this game was experimentally tested against a noncybersecurity game that did or did not contain cybersecurity information, through measures of the theory of planned behavior. Results showed that the cybersecurity game resulted in higher self-reported scores on attitudes, perceived behavioral control, intentions, and behavior compared with both noncybersecurity games. For subjective norms, we only found an effect in the comparison between the cybersecurity game and the noncybersecurity game without additional information.
Most writing on sociological method has been concerned with how accurate facts can be obtained and how theory can thereby be more rigorously tested. In The Discovery of Grounded Theory, Barney Glaser and Anselm Strauss address the equally Important enterprise of how the discovery of theory from data-systematically obtained and analyzed in social research-can be furthered. The discovery of theory from data-grounded theory-is a major task confronting sociology, for such a theory fits empirical situations, and is understandable to sociologists and laymen alike. Most important, it provides relevant predictions, explanations, interpretations, and applications. In Part I of the book, "Generation Theory by Comparative Analysis," the authors present a strategy whereby sociologists can facilitate the discovery of grounded theory, both substantive and formal. This strategy involves the systematic choice and study of several comparison groups. In Part II, The Flexible Use of Data," the generation of theory from qualitative, especially documentary, and quantitative data Is considered. In Part III, "Implications of Grounded Theory," Glaser and Strauss examine the credibility of grounded theory. The Discovery of Grounded Theory is directed toward improving social scientists' capacity for generating theory that will be relevant to their research. While aimed primarily at sociologists, it will be useful to anyone Interested In studying social phenomena-political, educational, economic, industrial- especially If their studies are based on qualitative data. © 1999 by Barney G. Glaser and Frances Strauss. All rights reserved.
This book offers practical advice on designing, conducting and analyzing interviews with ‘elite’ and ‘expert’ persons (or ‘socially prominent actors’), with a focus on criminology and criminal justice. It offers dilemmas and examples of ‘good’ and ‘bad’ practices in order to encourage readers to critically asses their own work. It also addresses methodological issues which include: access, power imbalances, getting past ‘corporate answers’, considerations of whether or not it is at times acceptable to ask leading questions and whether to enter a discussion with a respondent at all. This book will be valuable to students and scholars conducting qualitative research.
The hacker is the epitome of a cybersecurity threat and the embodied misuse of the Internet. However, in recent years, notions of hacking have begun to change. Blurred boundaries mark the term, best expressed in its overlap with “security researcher.” This article draws on a 3.5-year research project on the hacker community and applies an international political sociology framework to uncover routines of rationalization. Interviews with IT and cybersecurity industry experts expose accepted identities, practices, and behaviors of hackers, which allows for the construction of in-group and out-group members in the IT and cybersecurity field. Additionally, the empirical findings are used to propose a conceptual framework (the Möbius strip) to situate the moral valence of hackers on a flexible model. Thus, the article provides insight into the ontological and normative complexities that define the study of hackers, as well as the perception of IT and cybersecurity professionals.
Stakeholders’ involvement is key to breeding programs’ success. The identification of stakeholders, their categories, respective role and weight in the overall process therefore constitutes a crucial aspect of animal breeding. The objective of this paper is to show how the different international experts in breeding perceive the participation of stakeholders and their collaboration in the sustainable management of cattle-breeding programs in developing countries. This study uses the Delphi method to collect experts’ opinions on stakeholders’ involvement in breeding scheme design. In a first round, experts are asked to list all potential stakeholders and to score them on a scale from 1 to 5 according to the perceived importance of roles assigned to them. In a second round, experts were asked to confirm or modify their first notes for each proposal, by taking into account the opinion of the other experts. In the first and second rounds, 17 and 12 experts answered our questionnaires respectively. Two types of analyses were first realized, i.e., a statistical analysis, which evaluated the consensus and the divergence between experts, and a textual analysis, which evaluated the arguments and the roles. Then a factorial correspondence analysis was conducted to propose a typology of stakeholders according to their roles. In the first round, the State representatives, researchers and breeders were frequently mentioned, but the experts variably perceived the importance given to them individually. In the second round, the experts confirmed the need to involve these stakeholders. Between the two rounds, a convergence of views is observed on this implication, despite a persisting divergence on the assigned roles and their relative importance. This diversity of views may have reflected a diversity of origins and professions of responding experts. Development professionals considered the State as the main actor, while researchers considered the breeders and researchers. Expressed through a typological analysis, this divergence of experts’ perception of roles suggests three groups of actors playing main roles. Group 1 corresponds to research, which role is to provide a scientific support for genetic and economic evaluation, as well as technological development. Group 2, composed of State, NGOs and funding institutions, covers roles in financing, subsidizing and capacity building. Group 3, including farmers and their organizations, is responsible of the breeding program management, genetic progress and breed conservation. The proposed typology of actors according to their role may intervene as a basis of discussion, helping in the identification of fruitful agreements beyond the perspective of one sole expert in charge of the designing of a breeding program. It suggests an organization that federates these groups of actors and defines the intervention framework and the activities of the breeding program.
Introduction: Web-based epidemiologic surveys are being widely used, but still present lower response rates compared to traditional methods. Their design can influence survey response rates.
Objective: Analyse the influence of questionnaire length, frequency of reminders, and the interaction between them, on the response rates of five web-based questionnaires.
Methods: This is a 2×2 factorial study. Participants registered into the coortesnaweb platform (n=1,277) were randomly assigned to respond to short or long questionnaires, and to receive high or low frequency of reminders. We analysed the influence of these factors on the response rates of five web-based questionnaires applied in a longitudinal manner. The relative risk of responding to an additional questionnaire was also analysed.
Results: The mean response rate was 54.3%. Sending reminders more frequently was positively associated with the response rates for the first questionnaires. Questionnaire length did not influence response rates. We found no interaction between questionnaire length and frequency of reminders. Women and highly educated participants had, respectively, 13.0% and 28.0% increased probability of responding an additional questionnaire.
Conclusions: We obtained high response rates for the first questionnaires. Sending reminders more frequently and providing conditional incentives should be employed. Long questionnaires did not jeopardize response rates of web-based questionnaires.
A simultaneous equation model was used to explain both the overall attitude of heterogeneous individuals towards television shows and also their beliefs about the shows on six relevant attributes. The halo effect may be the primary reason for the usually good descriptive results of the multi-attribute model.
The cyber threat to industrial control systems is an acknowledged security issue, but a qualified dataset to quantify the risk remains largely unavailable. Senior executives of facilities that operate these systems face competing requirements for investment budgets, but without an understanding of the nature of the threat, cyber security may not be a high priority. Education and awareness campaigns are established methods of raising the profile of security issues with stakeholders, but traditional techniques typically deliver generic messages to wide audiences, rather than tailoring the communications to those who understand the impact of organisational risks. This paper explores the use of experiential learning through serious games for senior executives, to develop mental models within which participants can frame the nature of the threat, thereby raising their cyber security awareness and increasing their motivation to address the issue
Reflexivity is the nature of qualitative research (Lincoln and Guba, 1985; Morgan an Smircich, 1980); implying that through reflectivity exercises researchers are able to demonstrate their research's rigour and also create a treasure trove of ideas and strategies, share the pleasures and agonies of doing qualitative research, The ever-growing body of knowledge on the strategies for accessing research participants that researchers share, evidences the gains of reflexivity (see the newly injected literature Cunliffe and Alcadipani, 2016; Blix and Wettergren, 2015; Mikecz, 2012). Well, this article does the same; it reflects on the access methodology employed for a PhD research (Maramwidze, 2015) carried out to explore the challenges faced by Foreign Direct Investors (FDI) in the South African banking sector, which involved sampling elite respondents. Similar to other researchers' views on accessing potential research participants, in this case organisational elites, the researcher faced challenges associated with gaining access; as well as the usually high cost of conducting face-to-face qualitative interviews. Whilst qualitative research provides contextually rich data related to specified research objectives, it is agreeable that this depends on the seniority and level of experience of respondents in organisations of interest. Organisational elites are good examples of such experienced respondents, but they are difficult to access because they often use gatekeepers to screen down possible contacts and manage their workloads more effectively. This access problem is particularly exacerbated on the part of beginning researchers who have not built up a deep enough networks of organisational contacts, which typified this author. The paper promotes the online social and professional media window access strategy for overcoming the challenges of access; which of course, helps minimise the financial and time cost factors. The key insight from the paper is that, success in accessing professional elites requires a methodical approach to identifying and building relationships (for types of researcher - respondent relationships, see Cunliffe and Alcadipani, 2016) with suitable online professional groups and staff in target organisations for the research, from early on in the research process. This establishes needed trust and elicits stronger cooperation from such elites in providing meaningful information to the researcher. The purpose of this article is therefore to present the author's subtle and innovative access strategy. As such, the paper does not attempt to provide details about data collection, analysis or findings of the case study reflected upon. The main contribution of the paper to knowledge is the immediacy in experience which the PhD study affords beginning researchers in learning how to establish such online relationships of trust with the elite participants, learn and implement innovative methodologies, to access and interview elites than would be the case without such strategies. The wider implications of the ideas for teaching research methods to beginning researchers are therefore explored later on in the paper.
At the end of the twentieth century (after a long history of coups d’état, a military uprising, a civil war, and a four-decade dictatorship) the Spanish public had serious doubts about the democratic nature of the armed forces. In 1989, the Spanish armed forces first took part in an international mission. Now, after 25 years of continuous active participation in overseas missions, public opinion polls rank the armed forces as the second most trusted institution in the country. International missions have contributed to (1) modernizing the Spanish armed forces; (2) changing the mentality of the Spanish military; and (3) improving Spanish society’s perception of the armed forces’ role. All in all, the armed forces’ performance abroad has helped improve domestic civil–military relations.
The expert interview as a method of qualitative empirical research, designed to explore expert knowledge, has been developed considerably since the early 1990s. A number of readers has been published1 and thus a gap in the methods’ literature has been dealt with, much to the benefit of many disciplines and fields of research in the social sciences. It can be assumed that through increased reflection on methodical issues research into experts’ knowledge has gained in professionalism and quality.2
Book synopsis: Focusing on countermeasures against orchestrated cyber-attacks, Cyber Security Culture is research-based and reinforced with insights from experts who do not normally release information into the public arena. It will enable managers of organizations across different industrial sectors and government agencies to better understand how organizational learning and training can be utilized to develop a culture that ultimately protects an organization from attacks. Peter Trim and David Upton believe that the speed and complexity of cyber-attacks demand a different approach to security management, including scenario-based planning and training, to supplement security policies and technical protection systems.
The authors provide in-depth understanding of how organizational learning can produce cultural change addressing the behaviour of individuals, as well as machines. They provide information to help managers form policy to prevent cyber intrusions, to put robust security systems and procedures in place and to arrange appropriate training interventions such as table top exercises. Guidance embracing current and future threats and addressing issues such as social engineering is included.
Although the work is embedded in a theoretical framework, non-technical staff will find the book of practical use because it renders highly technical subjects accessible and links firmly with areas beyond ICT, such as human resource management - in relation to bridging the education/training divide and allowing organizational learning to be embraced. This book will interest Government officials, policy advisors, law enforcement officers and senior managers within companies, as well as academics and students in a range of disciplines including management and computer science.
This paper gives an account of an experiment in the use of the so-called DELPHI method, which was devised in order to obtain the most reliable opinion consensus of a group of experts by subjecting them to a series of questionnaires in depth interspersed with controlled opinion feedback.
This article examines assumptions embedded in the routine practice of trying to make the places represented in qualitative accounts anonymous. Anonymity is usually seen as an ethical issue, but like any representational strategy, it conceals assumptions about the nature of entities in the world and our relations with them. Focusing on place anonymization, the author argues that the use of pseudonyms and the omission of identifying historical and geographical information align research accounts with certain ontological assumptions, modes of theorizing, and corporate constructions of the public sphere. The author concludes by suggesting ways that place and identification can be rethought in qualitative inquiry.
The author explores using qualitative research interviews to gain knowledge rather than mere opinions about a given topic. Current interviews typically aim to probe the respondents' experiences and opinions—doxa in Greek. An implicit model for much doxastic interviewing is client-centered therapy, in which the respondent—client is the only authority concerning his or her experiences and opinions. The author argues that doxastic interviews do not take advantage of the knowledge-producing potentials inherent in human conversations. Instead, the author examines the Socratic dialogue as an interview form that addresses not opinions but knowledge (episteme). In epistemic interviewing, both parties are engaged in dialectically examining a topic, with the aim of gaining knowledge in a normative—epistemic sense. The author presents examples from different interview studies that illustrate the epistemic interview in practice. Finally, the author asks whether epistemic interviews are suitable only for “elite interviews” and whether they are particularly ethically problematic.
The Delphi technique, in its simplest form, eliminates committee activity among the experts altogether and replaces it with a carefully designed program of sequential individual interrogations (usually best conducted by questionnaires) interspersed with information and opinion feedback.
This paper examines critically the Delphi technique to determine whether it succeeds in alleviating the “process loss” typical of interacting groups. After briefly reviewing the technique, we consider problems with Delphi from two perspectives. First, we examine methodological and technical difficulties and the problems these have brought about in experimental applications. We suggest that important differences exist between the typical laboratory Delphi and the original concept of Delphi. These differences, reflecting a lack of control of important group characteristics/factors (such as the relative level of panelist expertise), make comparisons between Delphi studies unrealistic, as are generalizations from laboratory studies to the ideal of Delphi. This conclusion diminishes the power of those former Delphi critiques that have largely dismissed the procedure because of the variability of laboratory study results. Second, having noted the limited usefulness of the majority of studies for answering questions on the effectiveness of Delphi, we look at the technique from a theoritical/ mechanical perspective. That is, by drawing upon ideas/findings from other areas of research, we attempt to discern whether the structure of the Delphi procedure itself might reasonably be expected to function as intended. We conclude that inadequacies in the nature of feedback typically supplied in applications of Delphi tend to ensure that any small gains in the resolution of “process loss” are offset by the removal of any opportunity for group “process gain”. Some solutions to this dilemma are advocated; they are based on an analysis of the process of judgment change within groups and a consideration of factors that increase the validity of statistical/ nominal groups over their constituent individual components.
Knowledge on effective strategies to encourage participation in epidemiological web-based research is scant. We studied the effects of reminders on overall participation. 3,876 employees were e-mailed a baseline web-based lifestyle questionnaire. Nine months later, a follow-up questionnaire was sent. To encourage study participation, 4-5 and 11 e-mail reminders were sent at baseline and follow-up, respectively. Additional reminders (media articles, flyers, SMS etc) were also administered. Reminders (e-mails + additional) were given in low (≤ 6 reminders), medium (7-9 reminders) or high amounts (>9 reminders). Participation was examined with respect to participant characteristics (i.e. age, sex, Body Mass Index, occupation), type/number of reminders, and time of participation. Most participants were males, 35-49 years, and field workers (non-office based). About 29 % responded before any e-mail reminder, following 26 and 45 % after 1 respective ≥ 2 e-mail reminders. Participant characteristics were not related to when the participants responded. The 4-5 e-mail reminders increased total response rate by 15 %, the eleven by 21 % (greatest increases in September). Those receiving medium amounts of reminders (reference) had the highest response rate (75 %), likewise office workers (54 %) compared to field workers (33 %). High amounts of reminders were particularly effective on office workers. The participants' characteristics were not related to when they responded in this web-based study. Frequent reminders were effective on response rates, especially for those with high Internet availability. The highest increases in response rates were found in September.
The concept of commitment is widely used but has received little formal analysis. It contains an implicit explanation of one mechanism producing consistent human behavior. Commitments come into being when a person, by making a side bet, links extraneous interests with a consistent line of activity. Side bets are often a consequence of the person's participation in social organizations. To understand commitments fully, an analysis of the system of value within which side bets are made is necessary
A questionnaire study was conducted with truck drivers to help understand driving and compliance behaviour using the theory of planned behaviour (TPB). Path analysis examined the ability of the TPB to explain the direct and indirect factors involved in self-reported driving behaviour and regulation compliance. Law abiding driving behaviour in trucks was related more to attitudes, subjective norms and intentions than perceived behavioural control. For compliance with UK truck regulations, perceived behavioural control had the largest direct effect. The differing results of the path analyses for driving behaviour and compliance behaviour suggest that any future interventions that may be targeted at improving either on-road behaviour or compliance with regulations would require different approaches.
This paper systematically reviews empirical studies looking at the effectiveness of the Delphi technique, and provides a critique of this research. Findings suggest that Delphi groups outperform statistical groups (by 12 studies to two with two ‘ties’) and standard interacting groups (by five studies to one with two ‘ties’), although there is no consistent evidence that the technique outperforms other structured group procedures. However, important differences exist between the typical laboratory version of the technique and the original concept of Delphi, which make generalisations about ‘Delphi’ per se difficult. These differences derive from a lack of control of important group, task, and technique characteristics (such as the relative level of panellist expertise and the nature of feedback used). Indeed, there are theoretical and empirical reasons to believe that a Delphi conducted according to ‘ideal’ specifications might perform better than the standard laboratory interpretations. It is concluded that a different focus of research is required to answer questions on Delphi effectiveness, focusing on an analysis of the process of judgment change within nominal groups.